Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http: reject header contents with nul bytes #8601

Closed
wants to merge 2 commits into from
Closed

Conversation

bagder
Copy link
Member

@bagder bagder commented Mar 16, 2022

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where c functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new comign headers API work.

Updated test 262 to verify.

@bagder
Copy link
Member Author

@bagder bagder commented Mar 16, 2022

I made it return CURLE_WEIRD_SERVER_REPLY, as it seemed the best available error code.

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where c functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new coming headers API work.

This also makes hyper return the same thing for this error.

Updated test 262 to verify and enabled it for hyper as well

Closes #8601
@bagder bagder force-pushed the bagder/reject-http-zero branch from 2fb268d to d41351d Compare Mar 17, 2022
It was used for too many other cases as well
@bagder bagder deleted the bagder/reject-http-zero branch Mar 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant